In the horde system are 5 types of permissions:
The admin panel "permissions" allow you to set the overall permission for each modul like kronolith, nag, turba, etc...
User permissons for each modul can be modified through authentificated user by horde for sharing created objects like calendars, tasks, notes etc...
See the kronolith help file and Using Horde from a custom website or application and especially the section entitled "Using the calendar widgets to embed calendars"
In the Horde context, the only meaningful permission is READ or the
lack of it. READ means the user has access, lack of it means they don't.
It goes for any application, not just Horde, except that if for some reason you want to let users know that an application exists, but not let them use it (maybe a premium upgrade?), you can give them SHOW permissions.
They are not.
If there are no permissions set on an application, or on Horde itself, the default is to allow authenticated users and disallow guests (unless the app is disabled or set to admin-only in the registry).
If you set any permissions on an application, however, those defaults go away since now there is a permission for the app and it needs to be honored. So when you start adding guest permissions, you need to set appropriate authenticated user permissions as well.
to be continued...